[squid-users] v4.0.22 error:transaction-end-before-headers using transparent SSL method
David Touzeau
david at articatech.com
Mon Jan 22 22:38:48 UTC 2018
Hi
I'm using Squid Cache: Version 4.0.22 in transparent method
After several times the SSL port going into < freeze mode > and write in
logs
1516660011.849 000000 192.168.1.214 NONE/000 0 NONE
error:transaction-end-before-headers -
Doing a squid -k reconfigure release all freeze requests and proxy run in
normal behavior and return back to freeze mode after 1 or 2 hours
How to fix this issue ?
Using the defined configuration :
http_port 192.168.1.1:50634 intercept disable-pmtu-discovery=transparent
name=MyPortNameID27
https_port 192.168.1.1:50635 intercept disable-pmtu-discovery=transparent
name=MyPortNameID28 ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/ssl/cb623e9bf
c65772f68b84393604cd6ea.dyn tls-dh=/etc/squid3/ssl/dhparam.pem
sslcrtd_program /lib/squid3/security_file_certgen -s
/var/lib/squid/session/ssl/ssl_db -M 8MB
sslcrtd_children 16 startup=5 idle=1
acl FakeCert ssl::server_name .apple.com
acl FakeCert ssl::server_name .icloud.com
acl FakeCert ssl::server_name .mzstatic.com
acl FakeCert ssl::server_name .dropbox.com
acl ssl_step1 at_step SslBump1
acl ssl_step2 at_step SslBump2
acl ssl_step3 at_step SslBump3
ssl_bump peek ssl_step1
ssl_bump splice GlobalWhitelistDSTNet
ssl_bump splice GlobalWhitelistDomainsRx
ssl_bump splice GlobalWhitelistDomains
ssl_bump splice FakeCert
ssl_bump splice all
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180122/29011a70/attachment.html>
More information about the squid-users
mailing list